fkie_cve-2025-50864
Vulnerability from fkie_nvd
Published
2025-08-20 15:15
Modified
2025-08-22 18:09
Severity: MEDIUM (CVSS 3.1 base score 6.5, vector CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:H/A:N; secondary-source metric, NVD status Awaiting Analysis)
Summary
An Origin Validation Error in the elysia-cors library through version 1.3.0 allows attackers to bypass Cross-Origin Resource Sharing (CORS) restrictions. The library validates the supplied Origin with a substring comparison against the domains in the site's CORS policy rather than an exact match, so any origin that merely contains an allowed domain is accepted. For example, when the site's policy specifies "example.com", the attacker-controlled origins "notexample.com" and "example.common.net" are both treated as allowed. A page served from such an origin can therefore read cross-origin responses, including user data, from sites that rely on elysia-cors for CORS validation. Two caveats for practitioners: the CVSS 3.1 vector attached to this entry (C:N/I:H/A:N) records integrity rather than confidentiality impact, which does not match the data-exposure described, and the record names no fixed version; the entry is still marked Awaiting Analysis.
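The following is an added illustration of the flaw class described above, not code from elysia-cors or from the advisory's author. It reconstructs the substring-style check in a hypothetical function (isOriginAllowedSubstring), places two exact-match alternatives beside it (an allowlist of complete origins, and a host-based check with a dot-anchored subdomain rule), and runs all three over the advisory's two example origins plus a few constructed variants (a prefix-style origin, a non-default port, a plain-http origin) to show where each check diverges. All names, the sample origins and the policy list are assumptions made for the example.

```typescript
// Added example for CVE-2025-50864. NOT the elysia-cors source: it reconstructs
// the substring-match pattern the advisory describes and contrasts it with
// exact-origin checks. Every identifier below is invented for illustration.

// Policy as the advisory phrases it: a list of bare domains.
const POLICY_DOMAINS: string[] = ["example.com"];

// Vulnerable pattern (reconstruction of the flaw class, not the library's code):
// "is an allowed domain found anywhere inside the Origin header value?"
function isOriginAllowedSubstring(origin: string, policyDomains: string[]): boolean {
  return policyDomains.some((domain) => origin.includes(domain));
}

// Hardened check 1: an allowlist of complete origins (scheme + host [+ port])
// compared for exact equality with the canonical origin of the header value.
function isOriginAllowedExact(origin: string, allowedOrigins: string[]): boolean {
  let parsed: URL;
  try {
    parsed = new URL(origin);
  } catch {
    return false; // "null", garbage, or a bare hostname: never allow.
  }
  // A real Origin header is scheme://host[:port] with no path, query or
  // trailing slash. Anything else is rejected rather than normalised away.
  if (parsed.origin !== origin) return false;
  return allowedOrigins.includes(parsed.origin);
}

// Hardened check 2: host-based policy that optionally admits subdomains.
// The suffix test is anchored on a dot boundary, so "notexample.com" and
// "example.com.attacker.net" fail while "app.example.com" passes. Only https
// is accepted; a non-default port is deliberately allowed by this policy style.
function isOriginAllowedHost(origin: string, policyDomains: string[], allowSubdomains: boolean): boolean {
  let parsed: URL;
  try {
    parsed = new URL(origin);
  } catch {
    return false;
  }
  if (parsed.origin !== origin || parsed.protocol !== "https:") return false;
  const host = parsed.hostname.toLowerCase();
  return policyDomains.some((domain) => {
    const d = domain.toLowerCase();
    return host === d || (allowSubdomains && host.endsWith("." + d));
  });
}

// Headers a server would emit for a request Origin under a given check. With the
// substring check, a credentialed cross-site read from https://notexample.com is
// granted, which is the bypass the advisory describes.
function corsResponseHeaders(
  requestOrigin: string | undefined,
  isAllowed: (origin: string) => boolean,
): Record<string, string> {
  if (requestOrigin === undefined || !isAllowed(requestOrigin)) return {};
  return {
    "Access-Control-Allow-Origin": requestOrigin,
    "Access-Control-Allow-Credentials": "true",
    "Vary": "Origin",
  };
}

// Constructed sample Origins: the two from the advisory plus invented variants.
const SAMPLE_ORIGINS: string[] = [
  "https://example.com",
  "https://app.example.com",
  "https://notexample.com",
  "https://example.common.net",
  "https://example.com.attacker.net",
  "https://example.com:8443",
  "http://example.com",
];

// Returns, per origin, [substring result, exact result, host-based result].
function compareChecks(): Record<string, [boolean, boolean, boolean]> {
  const out: Record<string, [boolean, boolean, boolean]> = {};
  for (const origin of SAMPLE_ORIGINS) {
    out[origin] = [
      isOriginAllowedSubstring(origin, POLICY_DOMAINS),
      isOriginAllowedExact(origin, ["https://example.com"]),
      isOriginAllowedHost(origin, POLICY_DOMAINS, true),
    ];
  }
  return out;
}

const results = compareChecks();
for (const origin of SAMPLE_ORIGINS) {
  const [substr, exact, host] = results[origin];
  console.log(`${origin}  substring=${substr}  exact=${exact}  host=${host}`);
}
```

Note the direction of the comparison: the vulnerable check asks whether an allowed domain occurs inside the Origin, which is why both "notexample.com" (allowed domain at the end) and "example.common.net" (allowed domain in the middle) pass. Whichever hardened form is used, the allowlist should be compared against the parsed origin, never against the raw header with string search, and the response must carry Vary: Origin when the allowed origin is echoed back.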
References
- http://elysiajs.com
- https://github.com/elysiajs/elysia-cors/blob/main/src/index.ts
- https://github.com/elysiajs/elysia-cors/tree/main
- https://medium.com/@raghavagrawal_23036/cors-bypass-in-popular-opensource-library-ad27fb41e16a
Impacted products
Vendor | Product | Version
(no CPE configuration is recorded for this entry; NVD status Awaiting Analysis)
Raw NVD record
{
  "cveTags": [],
  "descriptions": [
    {
      "lang": "en",
      "value": "An Origin Validation Error in the elysia-cors library thru 1.3.0 allows attackers to bypass Cross-Origin Resource Sharing (CORS) restrictions. The library incorrectly validates the supplied origin by checking if it is a substring of any domain in the site's CORS policy, rather than performing an exact match. For example, a malicious origin like \"notexample.com\", \"example.common.net\" is whitelisted when the site's CORS policy specifies \"example.com.\" This vulnerability enables unauthorized access to user data on sites using the elysia-cors library for CORS validation."
    },
    {
      "lang": "es",
      "value": "Un error de validación de origen en elysia-cors library hasta la versión 1.3.0 permite a los atacantes eludir las restricciones de Cross-Origin Resource Sharing (CORS). La librería valida incorrectamente el origen proporcionado comprobando si es una subcadena de algún dominio en la política CORS del sitio, en lugar de realizar una coincidencia exacta. Por ejemplo, un origen malicioso como \"notexample.com\" o \"example.common.net\" se incluye en la lista blanca cuando la política CORS del sitio especifica \"example.com\". Esta vulnerabilidad permite el acceso no autorizado a los datos de usuario en sitios que utilizan la librería elysia-cors para la validación CORS."
    }
  ],
  "id": "CVE-2025-50864",
  "lastModified": "2025-08-22T18:09:17.710",
  "metrics": {
    "cvssMetricV31": [
      {
        "cvssData": {
          "attackComplexity": "LOW",
          "attackVector": "NETWORK",
          "availabilityImpact": "NONE",
          "baseScore": 6.5,
          "baseSeverity": "MEDIUM",
          "confidentialityImpact": "NONE",
          "integrityImpact": "HIGH",
          "privilegesRequired": "NONE",
          "scope": "UNCHANGED",
          "userInteraction": "REQUIRED",
          "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:H/A:N",
          "version": "3.1"
        },
        "exploitabilityScore": 2.8,
        "impactScore": 3.6,
        "source": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
        "type": "Secondary"
      }
    ]
  },
  "published": "2025-08-20T15:15:32.990",
  "references": [
    { "source": "cve@mitre.org", "url": "http://elysiajs.com" },
    { "source": "cve@mitre.org", "url": "https://github.com/elysiajs/elysia-cors/blob/main/src/index.ts" },
    { "source": "cve@mitre.org", "url": "https://github.com/elysiajs/elysia-cors/tree/main" },
    { "source": "cve@mitre.org", "url": "https://medium.com/@raghavagrawal_23036/cors-bypass-in-popular-opensource-library-ad27fb41e16a" }
  ],
  "sourceIdentifier": "cve@mitre.org",
  "vulnStatus": "Awaiting Analysis",
  "weaknesses": [
    {
      "description": [ { "lang": "en", "value": "CWE-178" } ],
      "source": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
      "type": "Secondary"
    }
  ]
}
Sightings
Author | Source | Type | Date
Nomenclature
- Seen: The vulnerability was mentioned, discussed, or seen somewhere by the user.
- Confirmed: The vulnerability is confirmed from an analyst perspective.
- Exploited: This vulnerability was exploited and seen by the user reporting the sighting.
- Patched: This vulnerability was successfully patched by the user reporting the sighting.
- Not exploited: This vulnerability was not exploited or seen by the user reporting the sighting.
- Not confirmed: The user expresses doubt about the veracity of the vulnerability.
- Not patched: This vulnerability was not successfully patched by the user reporting the sighting.